Kaspersky has identified the VileRAT malware used in a series of attacks against foreign exchange and cryptocurrency trading companies, as part of a multi-million dollar global cyber-attack campaign.
TAGS: VileRAT, cryptocurrency
ADVERSARY: DeathStalker
INDUSTRY: ICS
TARGETED COUNTRIES: Afghanistan, United Arab Emirates, Malta, Kuwait, Germany, Cyprus, Bulgaria
MALWARE FAMILIES: VileLoader, Stonefly, EVILNUM
ATT&CK IDS: T1027 - Obfuscated Files or Information, T1053 - Scheduled Task/Job, T1056 - Input Capture, T1059 - Command and Scripting Interpreter, T1080 - Taint Shared Content, T1104 - Multi-Stage Channels, T1105 - Ingress Tool Transfer, T1137 - Office Application Startup, T1496 - Resource Hijacking, T1547 - Boot or Logon Autostart Execution, T1564 - Hide Artifacts, T1566 - Phishing